funsec mailing list archives

Re: MySpace Accounts Compromised by Phishers


From: Gregory Hicks <ghicks () cadence com>
Date: Fri, 27 Oct 2006 13:16:10 -0700 (PDT)


Date: Fri, 27 Oct 2006 15:52:06 -0400
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
To: "Valdis.Kletnieks () vt edu" <Valdis.Kletnieks () vt edu>
Subject: Re: [funsec] MySpace Accounts Compromised by Phishers
Cc: funsec () linuxbox org

On 10/27/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
On Fri, 27 Oct 2006 15:15:58 EDT, Dude VanWinkle said:
On 10/27/06, Fergie <fergdawg () netzero net> wrote:
Good question. :-)


a better question is why the hell would you jack a myspace page?

is there any way to make money off it? What are the incentives?

You jack a page, now you have a starting point to feed IE exploits at
all the victim's friends when they visit.  You get lucky and nail somebody
with 2,349 "friends", that's a lot of leverage.  Especially if part of the
thing you shoot them is something to whack *their* Myspace page and go 
viral.

High hit rates by people who are likely not security/privacy conscious.
What's not to like about it if you're a black hat trying to monetize it? :)

Something else he didn't mention...

The users probably have the same user name and password for MySpace
that they have for other online services.  Thus, capturing those may
give an 'in' to other, more lucrative, prospects.
-------------------------------------------------------------------

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

